logstash-mixin-aws 4.3.0 → 5.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/LICENSE +199 -10
- data/README.md +1 -1
- data/lib/logstash/plugin_mixins/aws_config/generic.rb +2 -1
- data/lib/logstash/plugin_mixins/aws_config/v2.rb +61 -43
- data/lib/logstash/plugin_mixins/aws_config.rb +0 -9
- data/logstash-mixin-aws.gemspec +1 -2
- data/spec/plugin_mixin/aws_config_spec.rb +46 -84
- metadata +3 -19
- data/lib/logstash/plugin_mixins/aws_config/v1.rb +0 -64
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9e9d62304bfbb30d0eb628b5bcb0066c1a64371515cb3f882f1671c25378884c
|
4
|
+
data.tar.gz: 4eccc7b012c5a4b176cf00a8ff1cabc2affc0c2cc086ecfcd5258e67691d1f02
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fd7bccdff8a149df9c941ed0e088a83eaac6420618eb0a651a9500dde41444373c93375bc3837c56a06b79c284f8150e09beb8766395af561fab47ef84ffa6ad
|
7
|
+
data.tar.gz: 6fbf21a0b1d72fd7d0d39d4d2c8e1138c922234162c8aefaa0034badf38e1f859275e085aaf95f1df6eef04cbb41020b73aa8631f45e5e8f586b264824ff0cad
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
## 5.1.0
|
2
|
+
- Add support for 'addition_settings' configuration options used by S3 and SQS input plugins [#53](https://github.com/logstash-plugins/logstash-mixin-aws/pull/53).
|
3
|
+
|
4
|
+
## 5.0.0
|
5
|
+
- Drop support for aws-sdk-v1
|
6
|
+
|
7
|
+
## 4.4.1
|
8
|
+
- Fix: proxy with assumed role (properly) [#50](https://github.com/logstash-plugins/logstash-mixin-aws/pull/50).
|
9
|
+
|
10
|
+
## 4.4.0
|
11
|
+
- Fix: credentials/proxy with assumed role [#48](https://github.com/logstash-plugins/logstash-mixin-aws/pull/48).
|
12
|
+
Plugin no longer assumes `access_key_id`/`secret_access_key` credentials not to be set when `role_arn` specified.
|
13
|
+
|
1
14
|
## 4.3.0
|
2
15
|
- Drop strict value validation for region option #36
|
3
16
|
- Add endpoint option to customize the endpoint uri #32
|
data/LICENSE
CHANGED
@@ -1,13 +1,202 @@
|
|
1
|
-
Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
|
2
1
|
|
3
|
-
|
4
|
-
|
5
|
-
|
2
|
+
Apache License
|
3
|
+
Version 2.0, January 2004
|
4
|
+
http://www.apache.org/licenses/
|
6
5
|
|
7
|
-
|
6
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
8
7
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
1. Definitions.
|
9
|
+
|
10
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
11
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
12
|
+
|
13
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
14
|
+
the copyright owner that is granting the License.
|
15
|
+
|
16
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
17
|
+
other entities that control, are controlled by, or are under common
|
18
|
+
control with that entity. For the purposes of this definition,
|
19
|
+
"control" means (i) the power, direct or indirect, to cause the
|
20
|
+
direction or management of such entity, whether by contract or
|
21
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
22
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
23
|
+
|
24
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
25
|
+
exercising permissions granted by this License.
|
26
|
+
|
27
|
+
"Source" form shall mean the preferred form for making modifications,
|
28
|
+
including but not limited to software source code, documentation
|
29
|
+
source, and configuration files.
|
30
|
+
|
31
|
+
"Object" form shall mean any form resulting from mechanical
|
32
|
+
transformation or translation of a Source form, including but
|
33
|
+
not limited to compiled object code, generated documentation,
|
34
|
+
and conversions to other media types.
|
35
|
+
|
36
|
+
"Work" shall mean the work of authorship, whether in Source or
|
37
|
+
Object form, made available under the License, as indicated by a
|
38
|
+
copyright notice that is included in or attached to the work
|
39
|
+
(an example is provided in the Appendix below).
|
40
|
+
|
41
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
42
|
+
form, that is based on (or derived from) the Work and for which the
|
43
|
+
editorial revisions, annotations, elaborations, or other modifications
|
44
|
+
represent, as a whole, an original work of authorship. For the purposes
|
45
|
+
of this License, Derivative Works shall not include works that remain
|
46
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
47
|
+
the Work and Derivative Works thereof.
|
48
|
+
|
49
|
+
"Contribution" shall mean any work of authorship, including
|
50
|
+
the original version of the Work and any modifications or additions
|
51
|
+
to that Work or Derivative Works thereof, that is intentionally
|
52
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
53
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
54
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
55
|
+
means any form of electronic, verbal, or written communication sent
|
56
|
+
to the Licensor or its representatives, including but not limited to
|
57
|
+
communication on electronic mailing lists, source code control systems,
|
58
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
59
|
+
Licensor for the purpose of discussing and improving the Work, but
|
60
|
+
excluding communication that is conspicuously marked or otherwise
|
61
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
62
|
+
|
63
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
64
|
+
on behalf of whom a Contribution has been received by Licensor and
|
65
|
+
subsequently incorporated within the Work.
|
66
|
+
|
67
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
68
|
+
this License, each Contributor hereby grants to You a perpetual,
|
69
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
70
|
+
copyright license to reproduce, prepare Derivative Works of,
|
71
|
+
publicly display, publicly perform, sublicense, and distribute the
|
72
|
+
Work and such Derivative Works in Source or Object form.
|
73
|
+
|
74
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
75
|
+
this License, each Contributor hereby grants to You a perpetual,
|
76
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
77
|
+
(except as stated in this section) patent license to make, have made,
|
78
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
79
|
+
where such license applies only to those patent claims licensable
|
80
|
+
by such Contributor that are necessarily infringed by their
|
81
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
82
|
+
with the Work to which such Contribution(s) was submitted. If You
|
83
|
+
institute patent litigation against any entity (including a
|
84
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
85
|
+
or a Contribution incorporated within the Work constitutes direct
|
86
|
+
or contributory patent infringement, then any patent licenses
|
87
|
+
granted to You under this License for that Work shall terminate
|
88
|
+
as of the date such litigation is filed.
|
89
|
+
|
90
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
91
|
+
Work or Derivative Works thereof in any medium, with or without
|
92
|
+
modifications, and in Source or Object form, provided that You
|
93
|
+
meet the following conditions:
|
94
|
+
|
95
|
+
(a) You must give any other recipients of the Work or
|
96
|
+
Derivative Works a copy of this License; and
|
97
|
+
|
98
|
+
(b) You must cause any modified files to carry prominent notices
|
99
|
+
stating that You changed the files; and
|
100
|
+
|
101
|
+
(c) You must retain, in the Source form of any Derivative Works
|
102
|
+
that You distribute, all copyright, patent, trademark, and
|
103
|
+
attribution notices from the Source form of the Work,
|
104
|
+
excluding those notices that do not pertain to any part of
|
105
|
+
the Derivative Works; and
|
106
|
+
|
107
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
108
|
+
distribution, then any Derivative Works that You distribute must
|
109
|
+
include a readable copy of the attribution notices contained
|
110
|
+
within such NOTICE file, excluding those notices that do not
|
111
|
+
pertain to any part of the Derivative Works, in at least one
|
112
|
+
of the following places: within a NOTICE text file distributed
|
113
|
+
as part of the Derivative Works; within the Source form or
|
114
|
+
documentation, if provided along with the Derivative Works; or,
|
115
|
+
within a display generated by the Derivative Works, if and
|
116
|
+
wherever such third-party notices normally appear. The contents
|
117
|
+
of the NOTICE file are for informational purposes only and
|
118
|
+
do not modify the License. You may add Your own attribution
|
119
|
+
notices within Derivative Works that You distribute, alongside
|
120
|
+
or as an addendum to the NOTICE text from the Work, provided
|
121
|
+
that such additional attribution notices cannot be construed
|
122
|
+
as modifying the License.
|
123
|
+
|
124
|
+
You may add Your own copyright statement to Your modifications and
|
125
|
+
may provide additional or different license terms and conditions
|
126
|
+
for use, reproduction, or distribution of Your modifications, or
|
127
|
+
for any such Derivative Works as a whole, provided Your use,
|
128
|
+
reproduction, and distribution of the Work otherwise complies with
|
129
|
+
the conditions stated in this License.
|
130
|
+
|
131
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
132
|
+
any Contribution intentionally submitted for inclusion in the Work
|
133
|
+
by You to the Licensor shall be under the terms and conditions of
|
134
|
+
this License, without any additional terms or conditions.
|
135
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
136
|
+
the terms of any separate license agreement you may have executed
|
137
|
+
with Licensor regarding such Contributions.
|
138
|
+
|
139
|
+
6. Trademarks. This License does not grant permission to use the trade
|
140
|
+
names, trademarks, service marks, or product names of the Licensor,
|
141
|
+
except as required for reasonable and customary use in describing the
|
142
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
143
|
+
|
144
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
145
|
+
agreed to in writing, Licensor provides the Work (and each
|
146
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
147
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
148
|
+
implied, including, without limitation, any warranties or conditions
|
149
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
150
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
151
|
+
appropriateness of using or redistributing the Work and assume any
|
152
|
+
risks associated with Your exercise of permissions under this License.
|
153
|
+
|
154
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
155
|
+
whether in tort (including negligence), contract, or otherwise,
|
156
|
+
unless required by applicable law (such as deliberate and grossly
|
157
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
158
|
+
liable to You for damages, including any direct, indirect, special,
|
159
|
+
incidental, or consequential damages of any character arising as a
|
160
|
+
result of this License or out of the use or inability to use the
|
161
|
+
Work (including but not limited to damages for loss of goodwill,
|
162
|
+
work stoppage, computer failure or malfunction, or any and all
|
163
|
+
other commercial damages or losses), even if such Contributor
|
164
|
+
has been advised of the possibility of such damages.
|
165
|
+
|
166
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
167
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
168
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
169
|
+
or other liability obligations and/or rights consistent with this
|
170
|
+
License. However, in accepting such obligations, You may act only
|
171
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
172
|
+
of any other Contributor, and only if You agree to indemnify,
|
173
|
+
defend, and hold each Contributor harmless for any liability
|
174
|
+
incurred by, or claims asserted against, such Contributor by reason
|
175
|
+
of your accepting any such warranty or additional liability.
|
176
|
+
|
177
|
+
END OF TERMS AND CONDITIONS
|
178
|
+
|
179
|
+
APPENDIX: How to apply the Apache License to your work.
|
180
|
+
|
181
|
+
To apply the Apache License to your work, attach the following
|
182
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
183
|
+
replaced with your own identifying information. (Don't include
|
184
|
+
the brackets!) The text should be enclosed in the appropriate
|
185
|
+
comment syntax for the file format. We also recommend that a
|
186
|
+
file or class name and description of purpose be included on the
|
187
|
+
same "printed page" as the copyright notice for easier
|
188
|
+
identification within third-party archives.
|
189
|
+
|
190
|
+
Copyright 2020 Elastic and contributors
|
191
|
+
|
192
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
193
|
+
you may not use this file except in compliance with the License.
|
194
|
+
You may obtain a copy of the License at
|
195
|
+
|
196
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
197
|
+
|
198
|
+
Unless required by applicable law or agreed to in writing, software
|
199
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
200
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
201
|
+
See the License for the specific language governing permissions and
|
202
|
+
limitations under the License.
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# Logstash Plugin
|
2
2
|
|
3
|
-
[![Travis Build Status](https://travis-ci.
|
3
|
+
[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-mixin-aws.svg)](https://travis-ci.com/logstash-plugins/logstash-mixin-aws)
|
4
4
|
|
5
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
6
6
|
|
@@ -10,7 +10,7 @@ module LogStash::PluginMixins::AwsConfig::Generic
|
|
10
10
|
|
11
11
|
# This plugin uses the AWS SDK and supports several ways to get credentials, which will be tried in this order:
|
12
12
|
#
|
13
|
-
# 1. Static configuration, using `access_key_id` and `secret_access_key` params
|
13
|
+
# 1. Static configuration, using `access_key_id` and `secret_access_key` params in the logstash plugin config
|
14
14
|
# 2. External credentials file specified by `aws_credentials_file`
|
15
15
|
# 3. Environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
|
16
16
|
# 4. Environment variables `AMAZON_ACCESS_KEY_ID` and `AMAZON_SECRET_ACCESS_KEY`
|
@@ -32,6 +32,7 @@ module LogStash::PluginMixins::AwsConfig::Generic
|
|
32
32
|
# The AWS IAM Role to assume, if any.
|
33
33
|
# This is used to generate temporary credentials typically for cross-account access.
|
34
34
|
# See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more information.
|
35
|
+
# When `role_arn` is set, AWS (`access_key_id`/`secret_access_key`) credentials still get used if they're configured.
|
35
36
|
config :role_arn, :validate => :string
|
36
37
|
|
37
38
|
# Session name to use when assuming an IAM role
|
@@ -11,65 +11,83 @@ module LogStash::PluginMixins::AwsConfig::V2
|
|
11
11
|
def aws_options_hash
|
12
12
|
opts = {}
|
13
13
|
|
14
|
-
if @access_key_id.is_a?(NilClass) ^ @secret_access_key.is_a?(NilClass)
|
15
|
-
@logger.warn("Likely config error: Only one of access_key_id or secret_access_key was provided but not both.")
|
16
|
-
end
|
17
|
-
|
18
|
-
opts[:credentials] = credentials if credentials
|
19
|
-
|
20
14
|
opts[:http_proxy] = @proxy_uri if @proxy_uri
|
21
15
|
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
# For a list, see https://github.com/aws/aws-sdk-ruby/blob/master/lib/aws/core/configuration.rb
|
16
|
+
if @role_arn
|
17
|
+
credentials = assume_role(opts.dup)
|
18
|
+
opts[:credentials] = credentials
|
19
|
+
else
|
20
|
+
credentials = aws_credentials
|
21
|
+
opts[:credentials] = credentials if credentials
|
22
|
+
end
|
23
|
+
|
31
24
|
if self.respond_to?(:aws_service_endpoint)
|
25
|
+
# used by CloudWatch to basically do the same as bellow (returns { region: region })
|
32
26
|
opts.merge!(self.aws_service_endpoint(@region))
|
33
27
|
else
|
34
|
-
|
28
|
+
# NOTE: setting :region works with the aws sdk (resolves correct endpoint)
|
29
|
+
opts[:region] = @region
|
35
30
|
end
|
36
31
|
|
37
|
-
|
38
|
-
|
32
|
+
opts[:endpoint] = @endpoint unless @endpoint.nil?
|
33
|
+
|
34
|
+
if respond_to?(:additional_settings)
|
35
|
+
opts = symbolize_keys_and_cast_true_false(additional_settings).merge(opts)
|
39
36
|
end
|
40
37
|
|
41
38
|
return opts
|
42
39
|
end
|
43
40
|
|
44
41
|
private
|
45
|
-
def credentials
|
46
|
-
@creds ||= begin
|
47
|
-
if @access_key_id && @secret_access_key
|
48
|
-
credentials_opts = {
|
49
|
-
:access_key_id => @access_key_id,
|
50
|
-
:secret_access_key => @secret_access_key.value
|
51
|
-
}
|
52
42
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
43
|
+
def aws_credentials
|
44
|
+
if @access_key_id && @secret_access_key
|
45
|
+
Aws::Credentials.new(@access_key_id, @secret_access_key.value, @session_token ? @session_token.value : nil)
|
46
|
+
elsif @access_key_id.nil? ^ @secret_access_key.nil?
|
47
|
+
@logger.warn("Likely config error: Only one of access_key_id or secret_access_key was provided but not both.")
|
48
|
+
secret_access_key = @secret_access_key ? @secret_access_key.value : nil
|
49
|
+
Aws::Credentials.new(@access_key_id, secret_access_key, @session_token ? @session_token.value : nil)
|
50
|
+
elsif @aws_credentials_file
|
51
|
+
credentials_opts = YAML.load_file(@aws_credentials_file)
|
52
|
+
credentials_opts.default_proc = lambda { |hash, key| hash.fetch(key.to_s, nil) }
|
53
|
+
Aws::Credentials.new(credentials_opts[:access_key_id],
|
54
|
+
credentials_opts[:secret_access_key],
|
55
|
+
credentials_opts[:session_token])
|
56
|
+
else
|
57
|
+
nil # AWS client will read ENV or ~/.aws/credentials
|
58
|
+
end
|
66
59
|
end
|
60
|
+
alias credentials aws_credentials
|
61
|
+
|
62
|
+
def assume_role(opts = {})
|
63
|
+
unless opts.key?(:credentials)
|
64
|
+
credentials = aws_credentials
|
65
|
+
opts[:credentials] = credentials if credentials
|
66
|
+
end
|
67
|
+
|
68
|
+
# for a regional endpoint :region is always required by AWS
|
69
|
+
opts[:region] = @region
|
67
70
|
|
68
|
-
def assume_role
|
69
71
|
Aws::AssumeRoleCredentials.new(
|
70
|
-
|
71
|
-
|
72
|
-
|
72
|
+
:client => Aws::STS::Client.new(opts),
|
73
|
+
:role_arn => @role_arn,
|
74
|
+
:role_session_name => @role_session_name
|
73
75
|
)
|
74
76
|
end
|
75
|
-
|
77
|
+
|
78
|
+
def symbolize_keys_and_cast_true_false(hash)
|
79
|
+
case hash
|
80
|
+
when Hash
|
81
|
+
symbolized = {}
|
82
|
+
hash.each { |key, value| symbolized[key.to_sym] = symbolize_keys_and_cast_true_false(value) }
|
83
|
+
symbolized
|
84
|
+
when 'true'
|
85
|
+
true
|
86
|
+
when 'false'
|
87
|
+
false
|
88
|
+
else
|
89
|
+
hash
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
end
|
@@ -1,17 +1,8 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
require "logstash/config/mixin"
|
3
3
|
|
4
|
-
# This module provides helper for the `AWS-SDK` v1,
|
5
|
-
# and it will be deprecated in the near future, please use the V2 module
|
6
|
-
# for any new development.
|
7
4
|
module LogStash::PluginMixins::AwsConfig
|
8
|
-
require "logstash/plugin_mixins/aws_config/v1"
|
9
5
|
require "logstash/plugin_mixins/aws_config/v2"
|
10
6
|
|
11
7
|
US_EAST_1 = "us-east-1"
|
12
|
-
|
13
|
-
def self.included(base)
|
14
|
-
# Add these methods to the 'base' given.
|
15
|
-
base.send(:include, V1)
|
16
|
-
end
|
17
8
|
end
|
data/logstash-mixin-aws.gemspec
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-mixin-aws'
|
3
|
-
s.version = '
|
3
|
+
s.version = '5.1.0'
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
5
5
|
s.summary = "AWS mixins to provide a unified interface for Amazon Webservice"
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -18,7 +18,6 @@ Gem::Specification.new do |s|
|
|
18
18
|
# Gem dependencies
|
19
19
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
20
20
|
s.add_runtime_dependency 'logstash-codec-plain'
|
21
|
-
s.add_runtime_dependency 'aws-sdk-v1', '>= 1.61.0'
|
22
21
|
s.add_runtime_dependency 'aws-sdk', '~> 2'
|
23
22
|
s.add_development_dependency 'logstash-devutils'
|
24
23
|
s.add_development_dependency 'timecop'
|
@@ -16,90 +16,6 @@ class DummyInputAwsConfigV2NoRegionMethod < LogStash::Inputs::Base
|
|
16
16
|
include LogStash::PluginMixins::AwsConfig::V2
|
17
17
|
end
|
18
18
|
|
19
|
-
class DummyInputAwsConfigV1 < LogStash::Inputs::Base
|
20
|
-
include LogStash::PluginMixins::AwsConfig
|
21
|
-
|
22
|
-
def aws_service_endpoint(region)
|
23
|
-
{ :dummy_input_aws_config_region => "#{region}.awswebservice.local" }
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
describe LogStash::PluginMixins::AwsConfig do
|
28
|
-
let(:settings) { {} }
|
29
|
-
|
30
|
-
subject { DummyInputAwsConfigV1.new(settings).aws_options_hash }
|
31
|
-
|
32
|
-
describe 'config credential' do
|
33
|
-
|
34
|
-
context 'in credential file' do
|
35
|
-
let(:settings) { { 'aws_credentials_file' => File.join(File.dirname(__FILE__), '..', 'fixtures/aws_credentials_file_sample_test.yml') } }
|
36
|
-
|
37
|
-
it 'should support reading configuration from a yaml file' do
|
38
|
-
expect(subject).to include(:access_key_id => "1234", :secret_access_key => "secret")
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
context 'inline' do
|
43
|
-
context 'temporary credential' do
|
44
|
-
let(:settings) { { 'access_key_id' => '1234', 'secret_access_key' => 'secret', 'session_token' => 'session_token' } }
|
45
|
-
|
46
|
-
it "should support passing as key, value, and session_token" do
|
47
|
-
expect(subject[:access_key_id]).to eq(settings["access_key_id"])
|
48
|
-
expect(subject[:secret_access_key]).to_not eq(settings["secret_access_key"])
|
49
|
-
expect(subject[:secret_access_key].value).to eq(settings["secret_access_key"])
|
50
|
-
expect(subject[:session_token]).to_not eq(settings["session_token"])
|
51
|
-
expect(subject[:session_token].value).to eq(settings["session_token"])
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
context 'normal credential' do
|
56
|
-
let(:settings) { { 'access_key_id' => '1234', 'secret_access_key' => 'secret' } }
|
57
|
-
|
58
|
-
it 'should support passing credentials as key, value' do
|
59
|
-
expect(subject[:access_key_id]).to eq(settings['access_key_id'])
|
60
|
-
expect(subject[:secret_access_key]).to_not eq(settings['secret_access_key'])
|
61
|
-
expect(subject[:secret_access_key].value).to eq(settings['secret_access_key'])
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
describe 'config region' do
|
68
|
-
context 'region provided' do
|
69
|
-
let(:settings) { { 'access_key_id' => '1234', 'secret_access_key' => 'secret', 'region' => 'us-west-2' } }
|
70
|
-
|
71
|
-
it 'should use provided region to generate the endpoint configuration' do
|
72
|
-
expect(subject[:dummy_input_aws_config_region]).to eq("us-west-2.awswebservice.local")
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
context "region not provided" do
|
77
|
-
let(:settings) { { 'access_key_id' => '1234', 'secret_access_key' => 'secret'} }
|
78
|
-
|
79
|
-
it 'should use default region to generate the endpoint configuration' do
|
80
|
-
expect(subject[:dummy_input_aws_config_region]).to eq("us-east-1.awswebservice.local")
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
|
-
|
85
|
-
describe 'config endpoint' do
|
86
|
-
context "endpoint provided" do
|
87
|
-
let(:settings) { { 'access_key_id' => '1234', 'secret_access_key' => 'secret', 'endpoint' => 'http://localhost'} }
|
88
|
-
|
89
|
-
it 'should use specified endpoint' do
|
90
|
-
expect(subject[:endpoint]).to eq("http://localhost")
|
91
|
-
end
|
92
|
-
end
|
93
|
-
end
|
94
|
-
|
95
|
-
context 'when we arent providing credentials' do
|
96
|
-
let(:settings) { {} }
|
97
|
-
it 'should always return a hash' do
|
98
|
-
expect(subject).to eq({ :use_ssl => true, :dummy_input_aws_config_region => "us-east-1.awswebservice.local" })
|
99
|
-
end
|
100
|
-
end
|
101
|
-
end
|
102
|
-
|
103
19
|
describe LogStash::PluginMixins::AwsConfig::V2 do
|
104
20
|
let(:settings) { {} }
|
105
21
|
|
@@ -190,6 +106,52 @@ describe LogStash::PluginMixins::AwsConfig::V2 do
|
|
190
106
|
end
|
191
107
|
end
|
192
108
|
end
|
109
|
+
|
110
|
+
context 'role arn with credentials' do
|
111
|
+
|
112
|
+
let(:settings) do
|
113
|
+
{
|
114
|
+
'role_arn' => 'arn:aws:iam::012345678910:role/foo',
|
115
|
+
'region' => 'us-west-2',
|
116
|
+
|
117
|
+
'access_key_id' => '12345678',
|
118
|
+
'secret_access_key' => 'secret',
|
119
|
+
'session_token' => 'session_token',
|
120
|
+
|
121
|
+
'proxy_uri' => 'http://a-proxy.net:1234'
|
122
|
+
}
|
123
|
+
end
|
124
|
+
|
125
|
+
let(:aws_options_hash) { DummyInputAwsConfigV2NoRegionMethod.new(settings).aws_options_hash }
|
126
|
+
|
127
|
+
before do
|
128
|
+
allow_any_instance_of(Aws::AssumeRoleCredentials).to receive(:refresh) # called from #initialize
|
129
|
+
end
|
130
|
+
|
131
|
+
it 'uses credentials' do
|
132
|
+
subject = aws_options_hash[:credentials]
|
133
|
+
expect( subject ).to be_a Aws::AssumeRoleCredentials
|
134
|
+
expect( subject.client ).to be_a Aws::STS::Client
|
135
|
+
expect( credentials = subject.client.config.credentials ).to be_a Aws::Credentials
|
136
|
+
expect( credentials.access_key_id ).to eql '12345678'
|
137
|
+
end
|
138
|
+
|
139
|
+
it 'sets up proxy on client and region' do
|
140
|
+
subject = aws_options_hash[:credentials]
|
141
|
+
expect( subject.client.config.http_proxy ).to eql 'http://a-proxy.net:1234'
|
142
|
+
expect( subject.client.config.region ).to eql 'us-west-2' # probably redundant (kept for backwards compat)
|
143
|
+
end
|
144
|
+
|
145
|
+
it 'sets up proxy top level' do # setting in on the client isn't enough!
|
146
|
+
expect( aws_options_hash[:http_proxy] ).to eql 'http://a-proxy.net:1234'
|
147
|
+
end
|
148
|
+
|
149
|
+
it 'sets up region top-level' do
|
150
|
+
# NOTE: this one is required for real with role_arn :
|
151
|
+
expect( aws_options_hash[:region] ).to eql 'us-west-2'
|
152
|
+
end
|
153
|
+
|
154
|
+
end
|
193
155
|
end
|
194
156
|
end
|
195
157
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-mixin-aws
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 5.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,20 +44,6 @@ dependencies:
|
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '0'
|
47
|
-
- !ruby/object:Gem::Dependency
|
48
|
-
requirement: !ruby/object:Gem::Requirement
|
49
|
-
requirements:
|
50
|
-
- - ">="
|
51
|
-
- !ruby/object:Gem::Version
|
52
|
-
version: 1.61.0
|
53
|
-
name: aws-sdk-v1
|
54
|
-
prerelease: false
|
55
|
-
type: :runtime
|
56
|
-
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
requirements:
|
58
|
-
- - ">="
|
59
|
-
- !ruby/object:Gem::Version
|
60
|
-
version: 1.61.0
|
61
47
|
- !ruby/object:Gem::Dependency
|
62
48
|
requirement: !ruby/object:Gem::Requirement
|
63
49
|
requirements:
|
@@ -116,7 +102,6 @@ files:
|
|
116
102
|
- README.md
|
117
103
|
- lib/logstash/plugin_mixins/aws_config.rb
|
118
104
|
- lib/logstash/plugin_mixins/aws_config/generic.rb
|
119
|
-
- lib/logstash/plugin_mixins/aws_config/v1.rb
|
120
105
|
- lib/logstash/plugin_mixins/aws_config/v2.rb
|
121
106
|
- logstash-mixin-aws.gemspec
|
122
107
|
- spec/fixtures/aws_credentials_file_sample_test.yml
|
@@ -141,8 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
126
|
- !ruby/object:Gem::Version
|
142
127
|
version: '0'
|
143
128
|
requirements: []
|
144
|
-
|
145
|
-
rubygems_version: 2.6.13
|
129
|
+
rubygems_version: 3.1.6
|
146
130
|
signing_key:
|
147
131
|
specification_version: 4
|
148
132
|
summary: AWS mixins to provide a unified interface for Amazon Webservice
|
@@ -1,64 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
require "logstash/plugin_mixins/aws_config/generic"
|
3
|
-
|
4
|
-
module LogStash::PluginMixins::AwsConfig::V1
|
5
|
-
def self.included(base)
|
6
|
-
# Make sure we require the V1 classes when including this module.
|
7
|
-
# require 'aws-sdk' will load v2 classes.
|
8
|
-
require "aws-sdk-v1"
|
9
|
-
base.extend(self)
|
10
|
-
base.send(:include, LogStash::PluginMixins::AwsConfig::Generic)
|
11
|
-
base.setup_aws_config
|
12
|
-
end
|
13
|
-
|
14
|
-
public
|
15
|
-
def setup_aws_config
|
16
|
-
# Should we require (true) or disable (false) using SSL for communicating with the AWS API
|
17
|
-
# The AWS SDK for Ruby defaults to SSL so we preserve that
|
18
|
-
config :use_ssl, :validate => :boolean, :default => true
|
19
|
-
end
|
20
|
-
|
21
|
-
public
|
22
|
-
def aws_options_hash
|
23
|
-
opts = {}
|
24
|
-
|
25
|
-
if @role_arn || @role_session_name
|
26
|
-
@logger.warn("role_arn and role_session_name settings are not supported in the v1 plugin")
|
27
|
-
end
|
28
|
-
|
29
|
-
if @access_key_id.is_a?(NilClass) ^ @secret_access_key.is_a?(NilClass)
|
30
|
-
@logger.warn("Likely config error: Only one of access_key_id or secret_access_key was provided but not both.")
|
31
|
-
end
|
32
|
-
|
33
|
-
if @access_key_id && @secret_access_key
|
34
|
-
opts = {
|
35
|
-
:access_key_id => @access_key_id,
|
36
|
-
:secret_access_key => @secret_access_key
|
37
|
-
}
|
38
|
-
opts[:session_token] = @session_token if @session_token
|
39
|
-
elsif @aws_credentials_file
|
40
|
-
opts = YAML.load_file(@aws_credentials_file)
|
41
|
-
end
|
42
|
-
|
43
|
-
opts[:proxy_uri] = @proxy_uri if @proxy_uri
|
44
|
-
opts[:use_ssl] = @use_ssl
|
45
|
-
|
46
|
-
|
47
|
-
# The AWS SDK for Ruby doesn't know how to make an endpoint hostname from a region
|
48
|
-
# for example us-west-1 -> foosvc.us-west-1.amazonaws.com
|
49
|
-
# So our plugins need to know how to generate their endpoints from a region
|
50
|
-
# Furthermore, they need to know the symbol required to set that value in the AWS SDK
|
51
|
-
# Classes using this module must implement aws_service_endpoint(region:string)
|
52
|
-
# which must return a hash with one key, the aws sdk for ruby config symbol of the service
|
53
|
-
# endpoint, which has a string value of the service endpoint hostname
|
54
|
-
# for example, CloudWatch, { :cloud_watch_endpoint => "monitoring.#{region}.amazonaws.com" }
|
55
|
-
# For a list, see https://github.com/aws/aws-sdk-ruby/blob/master/lib/aws/core/configuration.rb
|
56
|
-
opts.merge!(self.aws_service_endpoint(@region))
|
57
|
-
|
58
|
-
if !@endpoint.is_a?(NilClass)
|
59
|
-
opts[:endpoint] = @endpoint
|
60
|
-
end
|
61
|
-
|
62
|
-
return opts
|
63
|
-
end # def aws_options_hash
|
64
|
-
end
|